Digital Forensics
by Cingularity
Summary: An attempt to plug a crucial hole in CID's investigative arsenal: digital forensics. Informs readers of forensic techniques available in public domain. Operating Systems: Linux, Windows; Software: testdisk, COFEE, Wireshark, Recuva; Characters: Nikhil, OC (Ajay), Daya, Shreya, Vivek, Tasha; Couples: Dareya, Vivesha
1. testdisk

Hello Friends! This fanfic is an investigative one, as opposed to my previous romantic one. Rest assured that I will not neglect the other fanfic; that is my first on this site and I plan to maintain it for a long time to come.

Contrary to my regular readers' expectations, this fanfic will not contain any Devanagari, or even Hindi written in Roman. It will be entirely in English, because the setting and the techniques are not unique to CID. They could as well be thought of as set in The Bill, CSI, or any of the countless other police procedurals around the world.

Since this is an investigative, I will keep romance to a minimum. Please do not be disappointed.

The primary focus of the narrative will be on digital forensic techniques, with traditional investigations assuming a lesser role. Since I am a programmer, it is only natural that I should focus on digital forensics, and I find it convenient to introduce an OC for that purpose.

To avoid confusion, please note that digital forensics has nothing to do with the use of computers as tools in forensic science, which is regularly depicted on the show. In this branch of forensics, computers are the SUBJECT of the investigation. Computers retrieved from crime scenes or otherwise connected to the crime are subjected to investigation.

Also note that all techniques depicted are real, and can be tried safely at home. However, please do not use these techniques to indulge in snooping, hacking or other illegal and immoral activities.

* * *

At the bureau.

ACP Pradyuman: (thinking) What the heck is happening? My men are not able to solve a single one of these cases. I have never felt so helpless in my life.

He stares at three cartons full of files. Files that served as a constant reminder of his team's failure – utter failure. No clues, no leads, no arrests. Even the informers were useless.

ACP: (thinking) People getting duped of their lifetime's worth of savings, getting publicly shamed, getting raped, getting killed... Critical government infrastructure being brought down... I could not prevent any of these... Nor could I punish the guilty...

DCP Chitrole enters the bureau in a huff.

DCP: Pradyuman what is happening? Do you have any idea what the media is saying of us? They call us incompetent; incapable of defending the citizens. They are calling for our resignation. They want our heads. And I want yours.

ACP: What can I possibly do? My men are not equipped or trained to deal with these things. All of these are cybercrimes. And computers don't cough up information even under Daya's torture.

DCP: So what do you want? Should I tell the media that computers don't cough up information? Should I ask the people to stop using computers? Considering the state of affairs, I would certainly do that if I was the Prime Minister. But I am not. And I need a solution before my head rolls. And yours.

DCP was incoherent in his anger.

ACP: Sir, we need additional manpower. We need a trained computer expert.

DCP: A trained expert?! Okay. I'll get you an expert. But after that, you must do everything you can, and also everything you CAN'T, to stop this menace. Otherwise I'll show you what I can do.

ACP: Fine sir. But be quick.

Two days later...

ACP: I introduce to you the digital forensic expert, Ajay.

Abhijeet, Daya, Sachin, Shreya, Purvi, Freddie, Nikhil and Pankaj stare at the bony, bespectacled figure in disbelief.

Abhijeet: (incredulous) He is the expert?

Ajay: Yes, why?

Daya: Aren't you a bit too young?

Ajay: 22 is old enough in things digital. I started learning the tricks of the trade when I was 11. Believe me, give me 15 minutes with a computer and watch it cough up information as a criminal would under Daya sir.

Ajay said this with a cheeky smile.

ACP: Ajay does not have police training. Nikhil, if we ever need to take him out to the field, you will watch his back. Ensure that he is kept out of harm's way and also ensure that he does not mess with traditional forensic evidence.

That last bit is important. Keyboards, for example, carry a lot of fingerprints. It is essential to prevent Ajay from messing with those.

Nikhil: Yes sir.

Ajay: Hi Nikhil!

Nikhil: Hi.

In turn, all members introduce themselves. Freddie and Pankaj carry the three cartons to Ajay's table. Ajay picks up a file and gets to work right away.

Ajay: (pursing his lips) Hmm... Can I have a look at the victim's computer?

Nikhil: Which victim?

Nikhil pointed to the computers that were stacked not-so-neatly in a corner of the bureau, at the opposite end of the alley that opens into the entrance.

Ajay: Let me see.

Ajay identified the CPU by its evidence number, and disassembled it. As he unscrewed the CPU to extract the hard disk, he recalled what he read in the file.

_**This girl was found dead in her hostel room. Her throat had been slit with a sharp wire.**_

_**There were no eyewitnesses. No fingerprints were found on the crime scene. The criminal was wearing a glove. Apart from the girl's own mobile phone, no other phone was located at the exact location and time of the crime. Clearly, the criminal was not carrying one.**_

_**One peculiarity was that the computer in the girl's room was switched on, but no application was running. No window was open. Upon further examination, it was found that there was no data file on it. The only files were system files, which were required and protected by the operating system. The Recycle Bin was also empty. The browsing history had been deleted as well. It was clear that the killer had deleted everything after killing the girl.**_

_**Examination of the girl's phone records also did not turn up any tangible evidence. Even her email account, which was accessed by handing the email provider a court order, did not give a lead.**_

_**We do not even know if the killer was a man or a woman.**_

_**I, Inspector Shrikant Deshmukh, am recommending this case for the consideration of CB-CID.**_

Ajay took out the hard disk and returned to his desk. He turned on the computer and started reading the file until he was greeted by the startup sound of Windows 7. He was startled. He had not looked at the screen prior to that.

Ajay: Are you kidding me? You folks here use Windows?! How on earth am I supposed to do forensic work here?

Nikhil: What? Is... Is there a problem with your computer?

Ajay: Why do I even bother? I should have known that I will have to configure things on my own before I can even begin work.

Using Windows for forensic work would be a disaster. Windows does not respect read-only settings and can tamper with or destroy forensic evidence on connected devices, to the extent that they become inadmissible in courts of law.

With this, he reached into his bag and pulled out a DVD. It had the popular Linux distro Ubuntu on it. Ajay had customized the software for forensic work.

He gave a second glance at an even more powerful weapon in his armory, a DVD of the Linux distro C.A.I.N.E (Computer Aided INvestigative Environment), but felt it best to reserve it for the most hardcore and demanding of jobs. He would get along fine with Ubuntu for this case, he thought.

In under fifteen minutes, the automated installer had finished its work and the useless copy of Windows had been wiped.

Ajay turned off the computer, opened the CPU case, and attached the victim's hard disk as an additional disk, along with the computer's primary hard disk.

He then turned the machine back on, mounted the victim's hard disk with read-only permissions, and took an image of the disk. That way, he could tamper with the image without destroying the real evidence.

He then ran _testdisk_, a program designed to recover deleted files from hard disks and disk images.

Files can be recovered after deletion because, when a file is deleted, the operating system (OS) simply marks the region it occupied on the hard disk as reusable. New files can then be placed on top of the older ones, overwriting them in the process. If a recovery is attempted before they are actually overwritten, however, they can be successfully recovered.
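The recovery principle described above, as an added Python example that is not part of the original story and is not testdisk's own code: it scans a constructed toy image laid out like a FAT directory (32-byte entries, first name byte set to 0xE5 on deletion) and flags deleted files whose clusters have since been reused. The image contents, layout constants and function names are assumptions made for illustration, and files are assumed to be unfragmented.

```python
import hashlib
import struct

CLUSTER = 512             # bytes per cluster in this toy layout (assumption)
DIR_SLOTS = 16            # directory table: 16 entries of 32 bytes each
DIR_BYTES = DIR_SLOTS * 32
DELETED = 0xE5            # FAT overwrites the first name byte with this on delete


def _dir_entry(name: bytes, ext: bytes, cluster: int, size: int) -> bytes:
    """Build a 32-byte FAT-style 8.3 directory entry."""
    entry = bytearray(32)
    entry[0:8] = name.ljust(8)
    entry[8:11] = ext.ljust(3)
    entry[11] = 0x20                               # archive attribute
    struct.pack_into("<H", entry, 26, cluster)     # first cluster
    struct.pack_into("<I", entry, 28, size)        # file size in bytes
    return bytes(entry)


def _offset(cluster: int) -> int:
    """Byte offset of a data cluster (numbering starts at 2, as in FAT)."""
    return DIR_BYTES + (cluster - 2) * CLUSTER


def build_image() -> bytes:
    """Constructed sample image: two deleted files, one of them overwritten."""
    img = bytearray(DIR_BYTES + 4 * CLUSTER)

    def write(slot, name, ext, cluster, content):
        img[slot * 32:(slot + 1) * 32] = _dir_entry(name, ext, cluster, len(content))
        img[_offset(cluster):_offset(cluster) + len(content)] = content

    def delete(slot):
        img[slot * 32] = DELETED       # only the marker changes; data stays put

    write(0, b"OLD", b"TXT", 2, b"draft that was later overwritten")
    delete(0)
    write(1, b"LETTER", b"TXT", 3, b"Meet me at the hostel gate at nine.")
    delete(1)
    write(2, b"NOTES", b"TXT", 2, b"shopping list")   # reuses OLD.TXT's cluster
    return bytes(img)


def recover_deleted(image: bytes) -> list:
    """Return deleted entries with their data and whether the data is intact."""
    entries, live_clusters = [], set()
    for slot in range(DIR_SLOTS):
        raw = image[slot * 32:(slot + 1) * 32]
        if raw[0] == 0x00:             # 0x00 marks the end of the directory
            break
        cluster = struct.unpack_from("<H", raw, 26)[0]
        size = struct.unpack_from("<I", raw, 28)[0]
        count = max(1, -(-size // CLUSTER))            # clusters occupied
        span = set(range(cluster, cluster + count))
        deleted = raw[0] == DELETED
        if not deleted:
            live_clusters |= span
        entries.append((raw, cluster, size, span, deleted))

    found = []
    for raw, cluster, size, span, deleted in entries:
        if not deleted:
            continue
        # The first character of the name was destroyed by the delete marker.
        name = "?" + raw[1:8].decode("ascii").rstrip()
        name += "." + raw[8:11].decode("ascii").rstrip()
        found.append({
            "name": name,
            "data": image[_offset(cluster):_offset(cluster) + size],
            "intact": not (span & live_clusters),      # False if space was reused
        })
    return found


def examine(evidence: bytes):
    """Hash at acquisition, analyse a working copy, then re-hash the copy."""
    acquired = hashlib.sha256(evidence).hexdigest()
    working = bytearray(evidence)      # analysis never touches the original
    found = recover_deleted(bytes(working))
    unchanged = hashlib.sha256(working).hexdigest() == acquired
    return found, unchanged


if __name__ == "__main__":
    files, unchanged = examine(build_image())
    for f in files:
        print(f["name"], "intact" if f["intact"] else "overwritten", f["data"])
    print("working copy still matches acquisition hash:", unchanged)
```

The second deleted file comes back whole, while the first returns the newer file's bytes mixed with leftovers of the old one, which is why recovery has to be attempted before the space is reused.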

It took a full 30 minutes to recover all the files. Now, Ajay's work was over. Well, almost.

The CID team had to sift through the 2 hours' worth of video, 2000 photographs and 150 documents. Ajay, however, still had to decode the recovered browser cookies. That would give clues as to which websites the victim frequented and who she communicated with.

The team burned through the evidence in a day.

The two hours' worth of video was entirely useless: pirated films of all varieties downloaded from the Internet.

Of the 2000 photographs, 1800 depicted the girl with one boy. We have a face. Investigation revealed that her family or friends knew nothing of him.

Of the 150 documents, 100 were correspondences between the girl and one boy. We have a name.

We must now establish that the name belongs to the face.

The browser cookies connected the name and the face. The boy's image, which appeared on chat, was cached by the browser, along with his name. Also revealed by the cookies was the content of their chats and emails. Their relationship was strained in the past few days due to the appearance of another girl in his life.

The Central Monitoring System (CMS) of the Department of Telecommunications, Government of India, provided the mobile phone number of our suspect, and also its location.

Fast forward...

Daya had spent five minutes in private with that boy in the interrogation room. ACP was starting to get worried.

ACP: We need that boy alive.

Abhijeet: Let me see.

Abhijeet entered the room just in time to hear the confession. Ajay had nailed the right man.

* * *

I know the story does involve some technical terms and concepts. I have tried my best to explain them in the story. If I have been unsuccessful, please let me know. I will clear all doubts.

I also know that the narrative is very dry. It is nowhere close to the narrative that I created for the Anthology. But I seriously could not think of a better way to present an investigation. Any suggestions and criticisms are welcome. I will try to mend the narrative.

I am on a very weak radio link at the moment. I may not be able to read, or reply to, reviews and PMs any time soon.

(PS: It feels nice to not have to change language after every word. My fingers hurt after completing a chapter of the Anthology. They did not hurt this time!)


2. Server Logs

Hello Friends! I hope I have not kept you waiting for long.

Continued from the previous chapter.

* * *

Ajay: Now that the first case is solved, we must pick up pace. To quell the media, we should go after the easier cases first, so we can have a higher number of solved cases. Nikhil, please help me arrange the cases in the three cartons.

Ajay first went after the ones that only required software-based file recovery, using the techniques described in the previous chapter. The team split in two, so they could solve two cases simultaneously. The first group consisted of ACP, Abhijeet, Sachin, and Purvi. The second consisted of Daya, Shreya, Freddie, and Pankaj. Nikhil was to stay back with Ajay.

Ajay: I need another machine, so I can cater to the two teams more efficiently. I'm taking yours, Nikhil.

Nikhil: What?! No! I need that! From what I've seen, I can't say I like whatever software you're using.

Ajay: Don't worry, my friend. Ubuntu is very user-friendly. Spend an evening with it and your wish will be its command.

Ajay re-purposed Nikhil's computer for forensic work, ignoring his vehement protests.

Nikhil: (thinking) Poor me! I don't know how I'll ever get any more work done there.

Ajay commanded the on-field teams according to the data he recovered. Information was delivered to the teams through their tablets.

Daya, Shreya, Sachin and Purvi extracted confessions on the field using _**enhanced interrogation techniques**_. (If you don't know, that huge term is official jargon for what Daya does all the time.)

The criminals were not even carried back to the bureau. They were deposited at the police stations nearest to their sites of arrest, to save time.

Ajay's technique worked. They blasted through a third of the cases in two days flat.

The media had been successfully gagged with files of the solved cases. DCP had not turned up at the bureau since Ajay's induction. That meant he was happy. Or maybe not, as he really wanted ACP's head, but could not help himself to it because of this new recruit.

Two cartons left. Ajay went through the remaining files.

Ajay: I don't think we can solve any of the remaining cases as easily as the first lot.

ACP: (angrily) What do you mean?

Ajay: Sir, I only mean that we require more time to solve these cases. Many of them are cases of hacking into sensitive email and bank accounts. I will need time to verify server logs and reach a conclusion.

Contrary to popular belief, hacking seldom bestows the perpetrators with complete control over the servers. They only manage to get access to a limited number of accounts.

Whatever they do on the servers is completely logged, that is, recorded into files that can be verified later. Among other things, these files record the IP (Internet Protocol) addresses of the perpetrators. The IP address can be used to narrow down the geographic location as well as the service provider of a perpetrator.

_**Customers of the East Bank complained that funds were being siphoned off their accounts without notice. An investigation by the police revealed no clues or leads. We could only verify the fact that funds had indeed been siphoned. The customers were granted relief by a court of law, but the bank had to bear the losses. The perpetrators may strike again.**_

_**I am recommending this case for the consideration of CB-CID.**_

Ajay recalled the succinct note on the file as Nikhil and Abhijeet accompanied him to the bank's headquarters, where the servers were located. There, he dug through the archives until he found the logs pertaining to the case. He identified the logs by the dates of the illegal transactions mentioned by the victims, which were present in the file.

After a tedious two-hour analysis of the logs, which he performed on his laptop, and during which he remained completely silent, he spoke.

Ajay: The perpetrator is an inexperienced bank employee.

Nikhil: How do you know?

Ajay: The IP addresses are internal to this bank. The attack originated from within the network.

Abhijeet: How do you know they are inexperienced?

Ajay: An experienced hacker would not have left himself logged-in with his official email ID when carrying out the attack.

Fast forward...

The employee spoke in a muzzled voice as Daya towered over his cowering figure in the interrogation room.

Criminal: I was in charge of dispatching credit and debit cards to customers via mail. I carefully opened all the sealed envelopes I received from the bank, took note of the details, resealed them and sent them to the customers. After they received the cards, I began my work.

Ajay: (smiling) But you made a fatal error. You left yourself signed in to your official email from the same computer that you used for the illegal transactions.
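The log correlation at the heart of this chapter, as an added Python example that is not part of the original story: it takes transfers on the complained-about accounts, checks whether the source IP is internal, and lists the official mail sessions open on that same IP at the time. The log format, addresses, account numbers, the `eastbank.example` domain and the internal range `10.20.0.0/16` are all constructed assumptions.

```python
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime

# Assumed internal address range of the bank (hypothetical).
BANK_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed sample lines: timestamp, source IP, service, event, subject.
SAMPLE_LOG = """\
2014-04-02T10:58:12 10.20.4.17 webmail LOGIN clerk7@eastbank.example
2014-04-02T11:03:40 10.20.4.17 netbank TRANSFER acct=4401
2014-04-02T11:05:02 10.20.4.17 netbank TRANSFER acct=4417
2014-04-02T11:06:30 203.0.113.9 netbank TRANSFER acct=5120
2014-04-02T11:20:00 10.20.9.3 webmail LOGIN teller2@eastbank.example
2014-04-02T11:40:10 10.20.4.17 webmail LOGOUT clerk7@eastbank.example
2014-04-02T12:15:00 10.20.4.17 netbank TRANSFER acct=4401
this line is malformed and must be skipped
"""


def is_internal(ip: str) -> bool:
    """True if the address falls inside the bank's own network ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BANK_NETS)


def parse(log: str) -> list:
    """Parse log lines into (time, ip, service, event, subject), time-ordered."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                   # skip malformed lines rather than guess
        ts, ip, service, event, subject = parts
        events.append((datetime.fromisoformat(ts), ip, service, event, subject))
    return sorted(events)


def correlate(log: str, victim_accounts: set) -> list:
    """For each transfer on a victim account, list mail sessions on that IP."""
    sessions = defaultdict(set)        # source IP -> mail users logged in now
    findings = []
    for ts, ip, service, event, subject in parse(log):
        if service == "webmail" and event == "LOGIN":
            sessions[ip].add(subject)
        elif service == "webmail" and event == "LOGOUT":
            sessions[ip].discard(subject)
        elif service == "netbank" and event == "TRANSFER":
            account = subject.partition("=")[2]
            if account in victim_accounts:
                findings.append({
                    "time": ts.isoformat(),
                    "ip": ip,
                    "account": account,
                    "internal": is_internal(ip),
                    "mail_sessions": sorted(sessions[ip]),
                })
    return findings


def rank_suspects(findings: list) -> list:
    """Count how often each mail identity coincides with an internal transfer."""
    tally = Counter()
    for f in findings:
        if f["internal"]:
            tally.update(f["mail_sessions"])
    return tally.most_common()


if __name__ == "__main__":
    results = correlate(SAMPLE_LOG, {"4401", "4417", "5120"})
    for f in results:
        print(f)
    print(rank_suspects(results))
```

A transfer made after the mail session has closed, like the last one in the sample, still shows the internal IP but no identity, so it has to be tied to a person by other means such as workstation assignment records.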

* * *

Please do let me know if there is some technical concept that I have not explained properly. I will be glad to clarify doubts.


3. COFEE

Hello Friends! I hope I have not kept you waiting for too long. I know I am late, but I got carried away by the Anthology.

Continued from the previous chapter.

* * *

The remaining cases were more difficult than the initial slew of cases. They were taking more time, but slowly and steadily, Ajay was nailing criminals of the cyberworld. That, however, had not deterred new crimes from being committed. As newer cases were reported, Ajay also had to look into those. The account that follows is of one such case.

Ajay and Nikhil were hard at work. Ajay was busy scouring a hard disk for clues, and Nikhil was updating the databases with the information from the solved cases. The other officers were away on an investigation. The bureau landline blared through the silence. Nikhil answered.

Nikhil: Hello?

Daya: We have just busted a drug cartel.

Gunshots echoed in the background.

Daya: Okay, _almost_ busted. Regardless, what is important is that I have found a computer on which we believe they have stored information about their hideouts and transactions.

More gunshots.

Daya: I need you and Ajay on the field right now.

Nikhil: Yes sir. But where?

More gunshots.

Nikhil: Sir? Are you there?

No response.

Nikhil: Ajay, Daya sir needs us on the field. He is probably in danger, and there is a computer involved. Track his cellphone and let's get going.

Ajay: Okay.

Ajay grabbed his kit. They rushed to the car, and turned on the CMS tracker on an Android tablet. Following the directions, they reached the scene. It was evident at once that it was a scene of intense gunfighting. While Nikhil was worried about his team mates, Ajay was more worried about the computer. A single gunshot to the hard disk could ruin all evidence.

The officers had all escaped with minor injuries, but none of the cartel survived. The computer was the only witness which could cough up information about other arms and branches of the cartel.

Ajay and Nikhil found the computer. It was turned on. Nikhil put on his gloves and reached for the shutdown button, but Ajay grabbed his hand at once.

Ajay: What are you doing?

Nikhil: Shutting it down so we can carry it back to the bureau. I'll take the keyboard with me. Dr. Salunkhe might want to talk to it.

Ajay: No one's talking to anything until I've finished my work. The computer is turned on. This is different from all the cases we've handled so far. It needs to be examined right here.

Nikhil: Don't you think the bureau's a better place in the sweltering heat of April?

Ajay: No. The RAM of the machine may still hold vital evidence, which will be lost upon shutdown.

Ajay put on his gloves, and, using the mouse, carefully altered the settings of the machine to prevent it from hibernating. Hibernation has much the same effects on the RAM that shutting down does. He then physically disconnected the machine from the Internet, by pulling the cable, to prevent it from being remotely wiped or hacked by members of the cartel.

Data can also be recovered from RAM (Random Access Memory), in much the same way as it can be from a hard disk. The only difference is that data from RAM is permanently lost if the machine is shut down (or hibernated), and cannot be recovered. It must be recovered with the machine turned on.

The RAM can give information about what applications had been used lately, even if they have already been closed. It also gives information about what data the applications were handling. In the case of instant messengers, like Google Talk, this data can show who the person was chatting with.

As mentioned in the first chapter, the use of Windows may damage forensic evidence. However, in this case, since the machine was turned on, another operating system (like Ubuntu) could not be loaded without shutting down first. Ajay was on uncharted territory now. He had to do forensic work from within Windows, something he had only done once during training.

In such cases, the investigator usually has to take a call. He may continue to use Windows and risk damaging evidence on the hard disk, or he may choose to shut down the machine and permanently lose all information from the RAM.

Ajay's decision was made easier by the appearance of the Google Talk icon in the system tray (lower right hand corner in all versions of Windows). He was now sure the RAM had enough useful information to justify risking the hard disk. Besides, it is only a risk that the hard disk can be damaged. It is not guaranteed to happen, but it may happen.

Since the investigation was to be conducted in an uncontrolled environment with live equipment, it was necessary to mitigate the risk of a power failure. The local electrical substation was promptly contacted on Ajay's instruction, and asked to ensure that no power failures occurred in that region.

All of the software that Ajay had in his kit was meant to perform forensic analysis from a Linux environment. Although he had a copy of Microsoft COFEE (Computer Online Forensic Evidence Extractor), it was a pirated copy, downloaded from the internet. Using it for official forensic investigation could have invalidated even the RAM evidence in a court of law. He had to order an original copy.

This task was made easier by the fact that Microsoft has an agreement with the Interpol regarding COFEE. The state CIDs are arms of the Interpol on Indian soil, so procuring a copy of COFEE was trivial, but would still take a few hours to ship from New Delhi to Mumbai. Ajay called his contacts in New Delhi and placed the order.

Ajay: Nikhil, you have three hours until COFEE arrives. Finish all the fingerprint lifting business within that time. Ensure that you do not end up pressing keys or disconnecting wires.

Nikhil got to work right away.

Within three hours, COFEE arrived on the scene. Ajay used his laptop to configure the software, loaded it onto a pen-drive, and plugged it into the target machine. In less than five minutes, the software collected all the data from the RAM. It could also be configured to collect data from the hard disk, but Ajay thought it best to deal with the hard disk using Ubuntu, after shutting down the machine.

The gamble paid off.

The RAM coughed up enough information to implicate a rich businessman in the matter. He had been found communicating with the cartel through Google Talk. Many instant messengers do not write the contents of the RAM to the hard disk, so just searching the hard disk would have been futile. The hard disk, of course, coughed up even more information, leading to encounters at multiple godowns across the nation.

Meanwhile, back at the bureau…

After spending ten minutes in private with the businessman, Daya emerged from the interrogation room with a blood-stained piece of paper in his hand. It had a list of all of the businessman's partners in crime, written in his own handwriting.

* * *

Just to clarify, in the first chapter, Ajay used the hard disk for evidence even though the machine was turned on at the crime scene. He did not use the RAM. That was because the police officers who first investigated the crime were not knowledgeable enough to know the effects of turning off a computer on the RAM. They turned it off right away. Otherwise, the information from the RAM could also have been used.

Please do let me know if there is some technical concept that I have not explained properly. I will be glad to clarify doubts.


4. Wireshark

Hello Friends!

After careful consideration of the fact that this fanfic has given me as many views in its lifetime as Anthology gives me in one day, I have reached the conclusion that if I have to keep this fanfic alive, I must add copious amounts of romance.

This I shall do in spite of myself, as I originally intended to keep it a pure investigative fanfic. However, getting across digital forensic techniques available in the public domain to my readers is of greater concern to me than purity, and if I must use romance as a vehicle for knowledge, so be it.

* * *

One fine evening, after a long and tiring day at work, Shreya decided to visit Daya. She turned up at his house at 07:00 pm.

Shreya: Hi Daya sir!

Daya: Hello!

Shreya: Sir today is a fine evening. Why don't we… um… go out for a walk, maybe?

Daya: (worried) I would love to go, but I… I have some work. So, if you don't mind, can we go later?

Shreya: Okay, then. I'll just hang around here while you do your work. Need some help?

Daya: No. (nervous) But I may not be able to finish the work today.

Shreya was aware of a constant pinging sound emanating from Daya's room since she entered. Something that was unusual and had never happened before.

Shreya: Never mind. By the way, what's that sound from your room?

Daya: Nothing, it's just… Forget it. I'll make you some coffee.

Shreya sensed that Daya was hiding something.

Shreya: Okay sir. I'll wait here in the drawing room.

Daya went to the kitchen and kept an eye on Shreya. When she appeared to be looking elsewhere, he stole across the drawing room, behind the sofa where she was seated, and into his bedroom.

Shreya, however, noticed this as she was alert. She immediately rushed to his room. When she entered, she found him hastily closing a window on his laptop. The constant pinging sound immediately stopped. Daya turned around and let out a sigh, before noticing Shreya standing at the door.

Daya: (nervous) Shr… Shreya?

Shreya: Yes sir. What happened? Why did you steal across the drawing room? And what were you doing here?

Daya: No… Nothing. Just muting the sound of my laptop. Don't you think the constant pings were irritating?

Shreya: Yes, but what were they?

Daya: Oh, just… error messages, that's it. My laptop seems to be acting up lately. I need to get it fixed. Forget about it. Let's just go out on a walk.

Shreya: Oh, but I thought you were busy?

Daya: Oh, I was supposed to be busy.

Shreya: What?!

Daya: I mean, yes, I was supposed to be busy, but you see my laptop's been causing some trouble, so I'll do it later. Let's go.

Shreya: Okay.

Shreya scanned his entire room as she stood in the doorway, looking for anything that might be amiss.

Daya: What are you looking for?

Shreya: Nothing, sir. Just… admiring my room.

Daya: What?!

Shreya: I mean your room. We're getting late. Let's go.

Dareya went out on a walk, but Shreya seemed to be lost throughout. She was not her usual bubbly self.

Shreya: (thinking) What was Daya sir doing with his laptop? Something is surely not in place. I've heard that kind of pinging before. Just where… Ah! That's it. It's the ping of the Facebook in-browser chat, not some error message. Which means Daya sir was chatting with someone he did not want me to know about. Strange. Is he…

Even the thought was repugnant to her.

Shreya: (thinking) No, no, that's not possible.

Of course it was not possible. He had not yet committed to her, how could he possibly cheat on her? But that was not how Shreya thought of the matter.

Daya: Shreya? Why are you so silent today? You seem to be lost.

Shreya: No sir, just… Just enjoying the breeze. Sometimes, we should remain silent and contemplate.

Daya: How true! (thinking) Good. She does not want to talk. I have more pressing matters to attend to and think about.

They spent the evening without talking much.

Daya: Okay, Shreya, it's getting late. I'll drop you home.

Shreya: No sir, it's okay. I have my car.

Daya: Fine. (thinking) Weird. Usually, she would jump at this offer. Never mind. That gives me more time with my laptop.

Shreya drove away, the incidents of the day weighing heavily upon her mind. As she reached her house, she had an idea.

Shreya: (thinking) Yes, that's it. I don't think he will refuse.

Shreya dialled Ajay.

Shreya: Hello Ajay, this is Shreya here.

Ajay: Good evening, ma'am.

Ajay had figured out what most people in the bureau had not. Daya and Shreya were in love. Since then, he addresses her as ma'am.

Shreya: Can you please do me a favour?

Ajay: Sure. Why not?

Shreya: Okay, first, apply for leave tomorrow. There is… um… an investigation we have to do.

Ajay: But what? Where? Why?

Shreya: I'll explain everything later. Meet me at Daya sir's house tomorrow at 09:30 in the morning. He leaves for the bureau before that.

Ajay: Okay.

Shreya: And don't forget to bring your kit with you.

Ajay: Yes ma'am.

Shreya and Ajay both dialled ACP and applied for leave. He agreed.

The next day, Shreya and Ajay reached Daya's house at the appointed time. He had already left for the bureau per their expectations.

Shreya narrated the entire incident to Ajay.

Ajay: Okay, ma'am. Now, where do I figure in here?

Shreya: Simple. Who was he chatting with and what?

Ajay: Ma'am, you do realize that what you ask of me is unethical?

Shreya: Yes, but what your Daya sir is doing is also not quite ethical. Now spare me the ethics lecture and help me get to the bottom of this matter.

Ajay: Fine. Tell me one thing: does Daya sir have a WiFi router? I mean was his laptop connected to any cable or any dongle (like Tata Photon Plus)?

Shreya: No. I examined his room thoroughly. I also saw his laptop. There was nothing of the sort.

Ajay: Good. Now, you keep visiting him, don't you? Did you ever connect to his WiFi network?

Shreya: Yes, a couple of times, with my phone.

Ajay: So, he gave you the password?

Shreya: Yes he did, but I don't remember.

Ajay: You don't have to. Your phone remembers. That's all I need. Saves me the trouble of having physical access to his laptop. But there is little that I can do right now. We must wait for him to return.

Shreya: No problem. I'll wait.

Ajay: Ma'am it'll take a long while. I suggest we meet here again at five in the evening.

Shreya: Fine.

While at her home, Shreya received a call from Daya.

Daya: Hello?

Shreya: Hello Daya sir?

Daya: What happened Shreya? Why did you take a day off?

Shreya: Nothing sir, just… feeling a bit off… I'll be fine.

Daya: Okay. Call me if you need anything.

Shreya: Yes sir.

At five in the evening, Shreya and Ajay met as appointed, behind Daya's house.

Ajay set up his laptop in Shreya's car, and plugged it into the cigarette lighter of the car using an adapter, as WiFi can drain the battery really fast.

All it takes to snoop WiFi connections is a standard, off-the-shelf laptop with a WiFi transmitter. No special or expensive equipment is needed.

Wireshark, a free software which is available for Ubuntu as well as Windows, is also required. Ajay already had the software installed on his customized version of Ubuntu.

The technique used for snooping packets of a WiFi connection is MAC spoofing (Media Access Control). Every computer capable of connecting to the internet has a network interface card (NIC), which has an associated MAC address. On a WiFi network, the individual computers are identified by their MAC addresses. The WiFi router sends all information arriving from the internet to all the computers on the network, but only the computer whose MAC address matches that of the MAC address mentioned in the information picks it up and reads it.

The MAC address, however, can be spoofed. That means that the MAC address of a computer can be changed to match that of another computer. Then all information directed at the other computer (Daya's laptop) will be picked up by the spoofing computer (Ajay's laptop). This information, however, is useless because it is encrypted with the WiFi router's password. Shreya's mobile phone provided the password, decimating the last line of defence.

Daya's MAC address could be obtained when he connected to the WiFi network through a process known as "ping." (The discussion of the ping process is beyond the scope of this fanfic. PM me for a complete explanation.)

Shreya and Ajay thus waited in ambush for their prey. Daya returned home at about 06:30 pm, and turned on the WiFi right away.

A few masterful strokes at the keyboard, and Ajay was privy to everything Daya did on the internet.

What followed on his screen shocked both Shreya and Ajay.

**Snooped Text Chat**

_Daya: Hi dear how r u?_

_Sneha: fine. u?_

_Daya: not fine_

_Sneha: y?_

_Daya: missing u_

_Sneha: me 2. wen can we meet?_

_Daya: ne time. im free right now_

_Sneha: but im not. how bout tomorow?_

_Daya: sure. by the way, where u live?_

_Sneha: no no im not telling_

_Daya: please…_

_Sneha: no. wen we meet._

_Daya: but y? i luv u na, dont you luv me?_

_Sneha: i do but_

…

…

…

**End of Snooped Text Chat**

Shreya: (shouting) Stop it! Just stop it! I can't take this anymore.

Ajay: (low voice) Yes ma'am.

Tears flowed down Shreya's cheeks as she yelled at the top of her voice. She was no longer interested in the chat.

Ajay packed up his equipment and left Shreya alone with her thoughts. She cried her heart out in the car. Her face became red and swollen. Through the tears, she managed to speak in a broken voice.

Shreya: I will never forgive you Daya sir… never!

She drove back home and went straight to bed. No snacks, no dinner. After sobbing through the night, she woke up at eight with an even more swollen and reddened face. She washed up, took a bath and got ready for work. She then hurriedly downed a glass of orange juice, just to quell the hunger pangs, and left for the bureau.

Her face still bore the streaks of redness and puffiness.

As usual, she was the first one at the bureau. She got to work right away, inspecting some files. Slowly, the other officers started to pour in. Soon, Daya also arrived. He approached her desk and wished her.

Daya: Good morning Shreya.

Shreya: (dry voice, without looking towards him) Good morning, sir.

Daya: Are you all right? Your face appears swollen.

Shreya: How should that bother you?

With this, Shreya got up and moved to another part of the bureau on the pretext of fetching some files. Daya, of course, was a bit dazed at her curt reply, but thought it must have been due to her illness of the previous day.

Later in the day, during an investigation, Daya noticed Shreya was not her usual self. She was constantly looking lost and did not talk much.

Daya: Shreya? Are you all right? If you are not feeling well, you may go home.

Shreya: I'm fine. Besides that should not bother you.

Daya: What do you mean by should not bother me? Are you in your senses?

Shreya: Yes I am. I was not in my senses all along, but now I am in my senses. Stop bothering me, now.

Daya: What? I'm bothering you? I know you're not feeling well, so I suggest you go home and take rest.

Shreya: I'm fine.

Daya: What the heck is wrong with you? You are not able to concentrate on the investigation. You are behaving really weird, and you refuse to take rest.

Shreya: (in a fit of rage) Stop showing your fake concern for me. Just go away! Go stay with your Sneha!

Tears flowed down her cheek and onto the ground below.

Daya: Sneha?! What?! Wait a minute…

Shreya: Don't try to act smart. I know everything. You love her right? You…

Daya: Wait a minute. I don't love any Sneha. Listen to me.

Shreya: I read your chats with her. Don't lie.

Daya: Look, that was in relation to an investigation. Sneha is a serial killer.

Shreya: I don't care who she is… (realizes) Wait, what? Serial killer?

Daya: Yes, and she, I mean he, is not even a girl. He's a man who lures young boys into his trap and kills them just for fun. He is a psychopath serial killer.

Shreya: I'm so sorry, I didn't realize.

Daya: Wait, exactly when did you snoop on me? No lies, please.

Shreya: Yesterday evening, at about 06:30 pm.

Daya: Great. Now let me guess. You did not have dinner, and you did not have breakfast. Right?

Shreya remained silent.

Daya: (loud, harsh) Right? Answer me!

Shreya: (startled, nodding her head) Yes. I thought you were…

Daya: (interrupting) Explanations can come later…

Shreya appeared relieved.

Daya: …from you AND Ajay!

The relief on Shreya's face faded away.

Daya: Right now, it is important to feed you, before your hungry brain cooks up new stories. Let's have a sumptuous lunch together.

Dareya left for the nearest restaurant.

At the restaurant, Shreya voraciously lapped half the plate without saying a word. With her body at ease now and mind capable of meaningful thought, she remembered something important.

Shreya: Wait a minute, Daya sir… I am not entirely at fault here. You are also responsible.

Daya: How?!

Shreya: You could have told me about all this earlier. Besides, why did you steal across the drawing room to close the chat window? That also raised my suspicions.

Daya: I was… actually, I did not want to…

Shreya: I'm all ears. Carry on.

Daya: I did not want you to get unnecessarily worried. It was a simple case. I and Abhijeet would wait in ambush for the man and nab him. I thought you would be worried knowing that I am going on a date with a serial killer.

Shreya: You are hopeless. You really think I can't handle such trifles?

Daya reached for her face and wiped the tear tracks with his hand and spoke.

Daya: Do I need to think much when you have aptly demonstrated your ability to handle trifles?

Shreya blushed.

Later, at the bureau, Daya would have dragged Ajay into the interrogation room had it not been for Shreya's timely intervention and profuse apologies!

* * *

Please do let me know if there is some technical concept that I have not explained properly. I will be glad to clarify doubts.

Now, honestly tell me how many of you conveniently skipped the technical part and only read the romance? If you're still reading this, go right back and read the technical part. NOW!


5. Recuva

Hello Friends! I hope I have not kept you waiting for too long.

This chapter is set in the Vivesha era.

You may recall that certain episodes depicted Tasha as more knowledgeable in computers than the other officers, and that she taught Vivek every Sunday. (Of course, how much of teaching actually occurred is debatable!) For those who are absolutely lost, please accept these facts as I state them, since I have no source to cite. Vivesha episodes are not listed on Sony LIV.

As this chapter is set in a bygone era, Ajay and Nikhil are not present. With Ajay, his advanced techniques are also missing; while Tasha was knowledgeable, she is still no match for Ajay. The techniques I depict in this chapter can be tried on all versions of Windows, and no other operating system (like Ubuntu) is required. They are not safe for forensic investigation, but for common uses, they are adequate.

* * *

It was a pleasant Sunday morning, and Vivek had dutifully reported to Tasha's house for his lessons. But…

Tasha: (exasperated) What do I do with you Vivek? Please stop staring at me, stop sniffing me, stop cuddling me, and stop whatever it is you're doing with me. For God's sake, focus on the damn computer screen, for once. Your computer skills never improve. It's been four Sundays, and this is the fifth one, and you've only managed to learn how to format documents in Word.

Vivek: Because that's all I need to write love letters. Besides, when my girlfriend is an expert, why should I bother with learning anything else?

Tasha: You are hopeless. If you can't master Excel formulas by the end of the day, I'm not talking to you. (looks away)

Vivek: Okay, okay, I'll do as you say.

Half an hour later…

Tasha had her gaze fixed on the screen, and had a not-so-pleased expression on her face, as she spoke.

Tasha: What are you doing Vivek?

Vivek: (innocently) Why? I'm cuddling my girlfriend. You have a problem?

Tasha: No. But soon, YOU will have a problem if you can't process the table that I'll give you.

Vivek: Hmm… You are so mean. You won't even let me romance my girlfriend. (pouting)

One hour later…

Vivek: Ma'am, can I please get a break? I want to romance my girlfriend.

Tasha: (stern voice) No. Absolutely not.

Vivek: Please… (puppy eyes)

Tasha: Aaa… Fine. Take a break. But no romance until you finish this.

Vivek: Can I at least show my sweetheart some pictures we took at the beach?

Tasha: When did you go to the beach? With whom?

Vivek: Freddy sir and Sachin sir. Why? What did YOU think?

Tasha: Never mind. Show me the pics.

Vivek fetched the digital camera from his bag and plugged it into the computer.

Vivek: (shocked) What?! No pictures? How's that possible? We took so many.

Tasha: Are you sure you went to the beach for real? Or were you dreaming?

Vivek: No, seriously. The pics are missing.

Tasha: Did you give it to someone else before bringing it here?

Vivek: Ah! That explains it. Freddy sir must have cut-pasted the pictures instead of copy-pasting them to his computer. Now I'll have to run to his house to get the pics back.

Tasha: Or not. Maybe I can use this opportunity to teach you a thing or two about recovering deleted files.

Vivek: You mean, you can get the pics back right here?

Tasha: (triumphantly) Absolutely.

Vivek: But how?

Tasha: You see, when files are deleted, the operating system marks the space occupied by the file as reusable, so new files can be placed there. But until new files are actually placed there, the contents of the old file are preserved. In your case, since you haven't taken any more pictures after giving your camera to Freddy sir, we should be able to read the contents of the files and restore them. Understood?

Vivek: (scratching his head) Can you… talk in English?

Tasha: (shaking her head in dismay) Never mind. I'll just show it to you.

Tasha connected the camera to the computer and launched Recuva.

Recuva is file recovery software for dummies. Basically, it is a far less capable version of the advanced _testdisk_ software mentioned in Chapter 1. It is available as a free download for Windows. It has an intuitive wizard-driven interface that can handle most common (non-forensic) recovery work, like recovering files from pen drives, cameras, and hard disks.

Tasha: Pay attention to the screen, will you? I know my neck smells sweet, but I'm trying to recover your pics, and I want you to learn how to do it.

Vivek: Okay.

Vivek did pay attention this time. This was something exotic. Something that not everyone could do. Something that would allow him to show off to Freddy and Sachin.

The wizard (a small dialog box that asks questions one by one) led Tasha through the recovery. The wizard asked questions like what kind of file was to be recovered (pics/vids/songs/documents), from which device (camera/hard disk), and where to store the recovered files (Desktop/My Documents/My Pictures). In a few minutes, the recovery was complete.

Tasha soon forgot that she had set Vivek a task. They spent the rest of the day admiring the pictures, and experimenting with recovering deleted files from the hard disk. For the first time ever, Vivek was actually interested in learning something, and actively experimented to find out more.
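Tasha's explanation of deletion, as an added example (not part of the original story and not Recuva's code): a toy FAT-style card image in which deleting a picture only marks its directory entry, so the bytes can be read back until a new file reuses the space. The image layout, the file names and the assumption that the picture is stored in consecutive clusters are constructed for illustration.

```python
import struct

CLUSTER = 512    # toy volume: 512-byte clusters (assumption)
ENTRY = 32       # size of one FAT directory entry
DELETED = 0xE5   # FAT replaces the first name byte with this on delete

def dir_entry(name83, first_cluster, size, deleted=False):
    """Build a 32-byte FAT short-name directory entry (constructed data)."""
    raw = bytearray(ENTRY)
    raw[0:11] = name83
    raw[11] = 0x20                                   # "archive" attribute
    struct.pack_into("<H", raw, 26, first_cluster)   # low word of first cluster
    struct.pack_into("<I", raw, 28, size)            # file size in bytes
    if deleted:
        raw[0] = DELETED                             # size and start cluster stay behind
    return bytes(raw)

def build_card():
    """Constructed image: one directory cluster, then data clusters 2, 3, 4."""
    photo = b"\xff\xd8\xff\xe0" + b"beach" * 150 + b"\xff\xd9"   # JPEG-like, 756 bytes
    note = b"still here"
    directory = dir_entry(b"BEACH   JPG", 2, len(photo), deleted=True)
    directory += dir_entry(b"NOTE    TXT", 4, len(note))
    data = photo.ljust(2 * CLUSTER, b"\0") + note.ljust(CLUSTER, b"\0")
    return bytearray(directory.ljust(CLUSTER, b"\0") + data), photo

def recover_deleted(image, data_start=CLUSTER):
    """Return {name: bytes} for deleted entries, assuming contiguous files."""
    found = {}
    for off in range(0, CLUSTER, ENTRY):
        e = image[off:off + ENTRY]
        if e[0] == 0x00:                        # 0x00 marks the end of the directory
            break
        if e[0] != DELETED or e[11] == 0x0F:    # skip live files and long-name entries
            continue
        hi, lo = struct.unpack_from("<H", e, 20)[0], struct.unpack_from("<H", e, 26)[0]
        size = struct.unpack_from("<I", e, 28)[0]
        start = data_start + (((hi << 16) | lo) - 2) * CLUSTER   # clusters count from 2
        name = "_" + e[1:8].decode().rstrip() + "." + e[8:11].decode().rstrip()
        found[name] = bytes(image[start:start + size])
    return found

card, original = build_card()
intact = recover_deleted(card)["_EACH.JPG"] == original     # space not reused yet
card[CLUSTER:2 * CLUSTER] = b"N" * CLUSTER                  # a new file lands in cluster 2
damaged = recover_deleted(card)["_EACH.JPG"] != original    # first 512 bytes are gone
print(intact, damaged)
```

The recovered name starts with an underscore because the delete marker overwrote the first letter of BEACH.JPG, which is why recovery tools often list files with a damaged first character.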

* * *

Please do let me know if there is some technical concept that I have not explained properly. I will be glad to clarify doubts.


